Re: NFS through firewall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, 2005-11-18 at 09:36 +0000, Nigel Wade wrote:
> James Pifer wrote:
> > Hi. I have a server in our DMZ and I'm exporting a specific directory
> > with NFS. I have an internal server that I want to mount it on. The
> > internal server is allowed through the firewall without restriction.
> > Firewall guy tells me it's wide open for this internal server, TCP and
> > UDP. 
> > 
> > When I try to mount the drive I get this error:
> > pmap_getmaps rpc problem: RPC: Unable to receive; errno = Connection
> > reset by peer
> > 
> > On the server running NFS I get this:
> > rpc.mountd: authenticated mount request from [internal_server]:680
> > for /usr/test (/usr/test)
> > 
> > If I do an nmap from the internal server to the external server running
> > I get:
> > 
> > (The 1648 ports scanned but not shown below are in state: closed)
> > PORT      STATE SERVICE
> > 22/tcp    open  ssh
> > 80/tcp    open  http
> > 111/tcp   open  rpcbind
> > 443/tcp   open  https
> > 933/tcp   open  unknown
> > 5001/tcp  open  commplex-link
> > 5801/tcp  open  vnc-http-1
> > 5901/tcp  open  vnc-1
> > 10000/tcp open  snet-sensor-mgmt
> > 
> > A UDP port scan seems to hang. 
> > 
> > If I do an rpcinfo on the external server running NFS I get:
> > # rpcinfo -p 127.0.0.1
> >    program vers proto   port
> >     100000    2   tcp    111  portmapper
> >     100000    2   udp    111  portmapper
> >     100024    1   udp  32768  status
> >     100024    1   tcp  32768  status
> >     391002    2   tcp  32769  sgi_fam
> >     100011    1   udp    930  rquotad
> >     100011    2   udp    930  rquotad
> >     100011    1   tcp    933  rquotad
> >     100011    2   tcp    933  rquotad
> >     100003    2   udp   2049  nfs
> >     100003    3   udp   2049  nfs
> >     100021    1   udp  32781  nlockmgr
> >     100021    3   udp  32781  nlockmgr
> >     100021    4   udp  32781  nlockmgr
> >     100005    1   udp  32782  mountd
> >     100005    1   tcp  59483  mountd
> >     100005    2   udp  32782  mountd
> >     100005    2   tcp  59483  mountd
> >     100005    3   udp  32782  mountd
> >     100005    3   tcp  59483  mountd
> > 
> > Any thoughts on what the problem is?
> > 
> > Thanks,
> > James
> > 
> 
> Check that all firewalls have been setup to allow UDP. It looks as though TCP is 
> being allowed, but UDP is being blocked.
> 
> What version of the kernel are you running on the server? It's only registering 
> NFS vers 2&3 over UDP, not TCP.
> 

Although it took a while, it does appears that udp is working:
(The 1473 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
123/udp   open  ntp
676/udp   open  unknown
743/udp   open  unknown
2049/udp  open  nfs
32768/udp open  omad

Nmap run completed -- 1 IP address (1 host up) scanned in 1466.739
seconds

Any other suggestions?

James
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux